Drupal Security Announcements | Common Bonds of Indianapolis

Drupal Security Announcements

This list is for security announcements sent out be the Drupal security team.

URL

http://drupal.org/taxonomy/term/44/0

Last update

3 weeks 4 days ago

November 5, 2008

13:51

SA-2008-069 - CCK for 5.x and 6.x - XSS vulnerabilities

Advisory ID: DRUPAL-SA-2008-069
Project: Content Construction Kit (third-party module)
Versions: 5.x, 6.x
Date: 2008-November-5
Security risk: Minor
Exploitable from: Remote
Vulnerability: Cross site scripting

October 22, 2008

15:34

SA-2008-068 - Localization client and Localization server - Cross site request forgery

Advisory ID: DRUPAL-SA-2008-068
Project: Localization client and Localization server (third-party modules)
Versions: 5.x, 6.x
Date: 2008-October-22
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site request forgery

14:06

SA-2008-067 - Drupal core - Multiple vulnerabilities

Advisory ID: DRUPAL-SA-2008-067
Project: Drupal core
Versions: 5.x and 6.x
Date: 2008-October-22
Security risk: Less Critical
Exploitable from: Local/Remote
Vulnerability: Multiple vulnerabilities

October 15, 2008

14:02

SA-2008-066 - Shindig-Integrator - Multiple vulnerabilities

Advisory ID: DRUPAL-SA-2008-066
Project: Shindig-Integrator (third-party module)
Versions: 5.x
Date: 2008-October-15
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

13:27

SA-2008-065 - Node Clone - Access bypass

Advisory ID: DRUPAL-SA-2008-065
Project: Node Clone (third-party module)
Version: 6.x, and 5.x.
Date: 2008-October-15
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

11:46

SA-2008-064 - Node Vote - SQL injection vulnerability

Advisory ID: DRUPAL-SA-2008-064
Project: Node Vote (third-party module)
Versions: 5.x and 6.x
Date: 2008-October-15
Security risk: Critical
Exploitable from: Remote
Vulnerability: SQL injection